Password Guidelines

The days of using simple words, a single character, or a blank password are gone. Today, easy passwords can be cracked or guessed within hours or even minutes. Since the information on your computer is precious and potentially confidential, you need to protect it as much as you can. This guide will help you create strong passwords that serve as a roadblock for intruders who are trying to break in to your computer or online accounts.

  • Length – The number of characters in your password is very important. The recommended length is at least eight characters (a UH Username password is required to be 8-32 characters). A three-character password such as fgy can be guessed by an intruder (or a password-cracking program) much more quickly than an eight-character password such as 10RvR09$.
     
  • Strength – The strength of a password refers to the complexity of the password. In other words, can anyone guess what your password is? For example, if your computer account is janedoe and your password is janedoe or JaneDoe, an intruder can easily succeed in logging into your computer. You should not use words that can be traced to you, such as your address, pet name, spouse name, surname, or nickname, and you should not use any words contained in dictionaries in any language.

    To strengthen your password, the recommendation is to use a mix of special characters, numbers, and the alphabet (a UH Username password requires one upper case character, one lower case character, one number, and one special character). Special characters are !@#$%^&*()_+{}. Here are a few examples of stronger passwords: uRkn2T@ or R24Real? or Yc@nU95.
     
  • Keywords – Most people are familiar with creating simple temporary passwords for new employees or for other trusted people, with the intent of allowing them to change the password at a later time. Passwords like abc123 and 567fgh were commonly used. If you use or have ever used this method, you should break this habit. These passwords are almost like not having a password, because intruders have programmed these words into the software they use to guess passwords. The recommended practice is to assign a strong password from the beginning so that the new employee or trusted colleague will also follow your lead.
     
  • Longevity – How long should I keep the same password before I need to change it? The longer you use the same password, the higher the risk of an intruder breaking into your computer. Why? The intruder will have all the time in the world to keep trying to guess your password because you never changed it.

    You must remember that intruders are relentless and will not give up easily, especially if they really want to get into your computer. The recommended time to keep a password will vary depending on how secure your computer needs to be. This is usually dictated through a departmental policy. A computer that requires high security should have a shorter life span for passwords, for example, 30 days. A computer with normal security should have about 45 days.
     
  • Historical – It is not a good practice to create four or five passwords and switch between them every time the computer reminds you to change your password. It would defeat the purpose of having a life span for the passwords. For example:

    start – my password is Tr*2catchmE!
    45 days later – I change my password to U#can’tGetIN%
    45 days later – I change my password to Wht$Up23&
    45 days later – I change my password back to the starting password Tr*2catchmE!

    Do not just add on more characters to your existing password such as Tr*2catchmE!456. If the intruder guessed the first part of the password, they would just need to guess the last three characters.

    Be creative. You should not recycle passwords! This is one resource that you are allowed to waste.
     
  • One for All – Keeping track of passwords for different accounts can be difficult. It is very convenient to create a strong password and use it for all your accounts: your credit card company website, your home Internet service provider, your work computer, or your personal email accounts like Hotmail or Yahoo. This is a bad habit and you should never do this. Let’s say that you have 14 accounts with a variety of Web sites or email sites. An intruder breaks into one of the companies that offer these services. The intruder now has your password for all 14 accounts and will have an easy time gaining access to those accounts. The recommended practice is to have a different password for each account. This means that you will have 14 different passwords if we use the previous example. This way the intruder will not be able to take over all of your accounts.
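
The UH Username rules from the Length and Strength bullets, together with the Historical advice against reusing or extending a password, can be checked at the moment a password is changed. The following Python is an added example, not UH's own code; the function names, the salted PBKDF2 history store and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SPECIALS = set("!@#$%^&*()_+{}")  # special characters as listed in the guide


def hash_password(password, salt=None):
    """Assumption: history is kept as salted PBKDF2 hashes, never plain text."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def in_history(password, history):
    """True if password matches any (salt, digest) pair in history."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history
    )


def check_new_password(username, current, new, history):
    """Return a list of rule violations; an empty list means acceptable."""
    problems = []
    if not 8 <= len(new) <= 32:
        problems.append("length must be 8-32 characters")
    if not any(c.isupper() for c in new):
        problems.append("needs an upper case character")
    if not any(c.islower() for c in new):
        problems.append("needs a lower case character")
    if not any(c.isdigit() for c in new):
        problems.append("needs a number")
    if not any(c in SPECIALS for c in new):
        problems.append("needs a special character")
    if username.lower() in new.lower():
        problems.append("contains the account name")
    if current and (new.startswith(current) or new.endswith(current)):
        problems.append("only adds characters to the current password")
    if in_history(new, history):
        problems.append("reuses an earlier password")
    return problems


# Constructed sample data: account name and passwords reuse the guide's examples.
HISTORY = [hash_password(p) for p in ("Tr*2catchmE!", "Wht$Up23&")]
if __name__ == "__main__":
    for cand in ("janedoe", "Tr*2catchmE!456", "Tr*2catchmE!", "10RvR09$"):
        print(cand, "->", check_new_password("janedoe", "Tr*2catchmE!", cand, HISTORY) or "ok")
```

The current password is available in plain text only because the user types it during the change, which is what makes the "added characters" check possible without storing old passwords in readable form.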

Other password-related security tips are:

  • Do NOT share your passwords with anyone! They *could* easily misuse your account or give your password to someone else.

  • If you did provide your password to technical staff for assistance with your computer, change your password as soon as your problem is resolved.

  • If you do log in to your account using a public, shared computer (like in a net cafe or public library), change your password later using a safe, secure computer. The public computer may be infected with a keystroke logger that can record your account and password, which can then be used by spammers and hackers.

  • Do NOT post your password on your computer monitor, anywhere on your desk, or under your keyboard.

UH usernames are being hijacked with increasing frequency. Please read Compromised UH Usernames for more details.

This guide was created to make you aware of the consequences of using weak or blank passwords, not to make you paranoid. Remember that your password is the key that unlocks your computer, comparable to a car key unlocking your car door. Creating a strong password is one of the easiest ways to keep your computer and information safe.

Article ID: 705
Created: Tue, 13 Feb 2007 3:35pm
Modified: Tue, 11 Sep 2012 8:56am